home

superplusradio v2.1-buttonutil.dll

ColoColo Apps (Bright Circle Investments Ltd)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module superplusradio v2.1-buttonutil.dll by ColoColo Apps (Bright Circle Investments) has been detected as adware by 20 anti-malware scanners. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and will perform a number of helper integration activities on the user's web browser's as well as the Window's Shell in order to install the addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
ColoColo Apps (Bright Circle Investments Ltd)  (signed and verified)

MD5:
da870ad5436eebc28d9bfc251412f52a

SHA-1:
ff0e5ac73a87d5d88720beede53272037a6bab39

SHA-256:
d5b76e251db91f5917db3f61ea2b77d8cbba066c55ab9cfaeebf797c137153dc

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is ColoColo Apps (Bright Circle Investments Ltd).

Analysis date:
4/26/2024 12:28:34 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.yy5@mKyTr2hi
6489972

AhnLab V3 Security
PUP/Win32.CrossRider
2015.01.31

Avira AntiVirus
ADWARE/CrossRider.Gen
7.11.206.0

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.15130

Bitdefender
Gen:Application.Heur.yy5@mKyTr2hi
1.0.20.150

Dr.Web
MULDROP.Trojan
9.0.1.030

Emsisoft Anti-Malware
Gen:Application.Heur.yy5@mKyTr2hi
9.0.0.4799

ESET NOD32
Win32/Toolbar.CrossRider.BD potentially unwanted application
7.0.302.0

F-Secure
Riskware.Gen:Application.Heur.yy5@mKyTr2hi
5.13.68

G Data
Gen:Application.Heur.yy5@mKyTr2hi
15.1.25

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
15.0.0.543

McAfee
Artemis!DA870AD5436E
5600.6869

MicroWorld eScan
Gen:Application.Heur.yy5@mKyTr2hi
16.0.0.90

Norman
Gen:Application.Heur.yy5@kKyTr2hi
03.12.2014 13:20:04

Panda Antivirus
Trj/Genetic.gen
15.01.30.03

Qihoo 360 Security
HEUR/QVM30.1.Malware.Gen
1.0.0.1015

Reason Heuristics
Adware.Crossrider.Brightcircle
15.2.10.11

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.15128

Sophos
PUA 'AppRider' (of type Adware)
5.10

VIPRE Antivirus
Threat.4789396
36666

File size:
385.5 KB (394,712 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\superplusradio v2.1\superplusradio v2.1-buttonutil.dll

Digital Signature
Signed by:
ColoColo Apps (Bright Circle Investments Ltd)

Authority:
COMODO CA Limited

Valid from:
12/16/2014 2:00:00 AM

Valid to:
12/17/2015 1:59:59 AM

Subject:
CN=ColoColo Apps (Bright Circle Investments Ltd), O=ColoColo Apps (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D815C7CD687694A6F4119A3535D31D7A

File PE Metadata
Compilation timestamp:
1/27/2015 1:04:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:6X7IMXT28QZkJWIj+xikKqFwD8hYxTBKLLNBr/2lUzXZWF:I7VtIJ8kK60fxTALLn+YXZWF

Entry address:
0x22873

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, C1, AF, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 78, C3, 04, 10, E8, 3E, 4E, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 48, 41, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, D0, 55, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.4122

Developed / compiled with:
Microsoft Visual C++

Code size:
252 KB (258,048 bytes)

Remove superplusradio v2.1-buttonutil.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.